2021-12-07 Revision 5.2
This document describes the registrar self-service portal (SB) offered by Punktum dk.
The document is targeted at registrars as audience.
This specification describes version 5.X.X of the Punktum dk Self-service portal (SB). Future releases will be reflected in updates to this specification, please see the document history section below.
The documentation is aimed at registrars for support of end-customers interacting with SB. The documentation is kept in English. The Self-service portals supports both Danish and English.
Screenshots for depicting features can be seen by clicking the ποΈβπ¨οΈ icon. In the documentation the English versions are linked and used, equivalent versions in Danish are available in the screenshots directory of this repository, see also: References.
Do note that the specification describes the latest released service. Service version is listed in the Document History, so given changes implemented in the service are reflected in the specification.
Any future additions and changes to the implementation are not within the scope of this document and will not be discussed or mentioned throughout this document.
This document is owned and maintained by Punktum dk A/S and must not be distributed without this information.
All examples provided in the document are fabricated or changed from real data to demonstrate request and operations etc. any resemblance to actual data are coincidental.
This document is not the authoritative source for business and policy rules and possible discrepancies between this an any authoritative sources are regarded as errors in this document. This document is aimed at being the external technical specification and describes the implementation facing the users and is an interpretation of authoritative sources and can therefor be erroneous.
This document is copyright by Punktum dk A/S and is licensed under the MIT License, please see the separate LICENSE file for details.
5.2 2021-12-07
- Updated documentation for: Authorize Change Name Servers with the new and improved token format
- Updated documentation for: Authorize Change Registrar with the new and improved token format
5.1 2021-10-04
- Added documentation for change of name servers initiated by registrant
- Describes service version 5.1.0
5.0 2021-09-16
- Initial revision of a technical specification for the self-service portal. Only a few features are documented
- Describes service version 5.0.0
Punktum dk is the registry for the ccTLD for Denmark (dk). The current model used in Denmark is based on a sole registry, with Punktum dk maintaining the central DNS registry.
SB is a web based service aimed at registrants and other non-registrar end-users, for interacting with the Punktum dk registry.
The SB service supports the following protocols for transport security:
- TLSv1.2
Punktum dk offers the following two environments:
- production
Updates to both environments are announced via the tech-announce mailing list.
Please see the information page for details on subscribing etc.
https://sb.dk-hostmaster.dk/
- Log in to the self-service portal ποΈβπ¨οΈ
- Find the domain name in the list of domain names you want to work on ποΈβπ¨οΈ
- Click on the domain name to go to the detailed overview
- On the detail page, locate the section "Authorisations codes" on the right side of the page ποΈβπ¨οΈ
- Click "Change Name Servers" to go to the page to generate the authorisation code ποΈβπ¨οΈ
- Click "GENERATE CODE"
A code is now generated, this code should be provided to the registrar or name server administrator to whom the user wants to use for name service. ποΈβπ¨οΈ
Once the code is in the possession of the registrar, it can be used to execute the actual.
The authorisation code works:
- Only for a single domain name
- Only for a single operation
- Has a lifespan of 14 days
- Can be replaced with a new code
- Can be deleted, meaning the authorisation is retracted
An authorization token can be generated/issued for change of name servers by another name server administrator, where the receiving name server administrator via the token has the authorization to perform the operation.
The authorization token has to be communicated out of band.
The token has the format: <role>-<operation>-<unique token>
An example: NSA-REDEL-098f6bcd4621d373cade4e832627b4f6
- The authorization is generated/issued by a registrar (
NSA, for name server administrator) - The authorization is for a transfer operation (
REDEL, for redelegation) - and finally a unique key
Since an authorization could also be issue by the registrant or proxy, those example would resemble the following:
As registrant: OWN-REDEL-098f6bcd4621d373cade4e832627b4f6
- The authorization is generated/issued by a registrant (
OWN, for registrant/owner) - The authorization is for a transfer operation (
REDEL) - and finally a unique key
As proxy PXY-REDEL-098f6bcd4621d373cade4e832627b4f6
- The authorization is generated/issued by a registrant (
PXY, for proxy) - The authorization is for a transfer operation (
REDEL) - and finally a unique key
- Log in to the self-service portal ποΈβπ¨οΈ
- Find the domain name in the list of domain names you want to work on ποΈβπ¨οΈ
- Click on the domain name to go to the detailed overview
- On the detail page, locate the section "Authorisations codes" on the right side of the page ποΈβπ¨οΈ
- Click "Change To Registrar Management" or "Change Registrar" to go to the page to generate the authorisation code
- Click "GENERATE CODE" ποΈβπ¨οΈ
A code is now generated, this code should be provided to the registrar to whom the registrant wants to transfer. ποΈβπ¨οΈ
Once the code is in the possession of the registrar, it can be used to execute the actual operation of transferring the domain name.
The authorisation code works:
- Only for a single domain name
- Only for a single operation
- Has a lifespan of 14 days
- Can be replaced with a new code
- Can be deleted, meaning the authorisation is retracted
An authorization token can be generated/issued for transfer to another registrar, where the receiving registrar via the token has the authorization to perform the operation.
The authorization token has to be communicated out of band.
The token has the format: <role>-<operation>-<unique token>
An example: REG-TRANSFER-098f6bcd4621d373cade4e832627b4f6
- The authorization is generated/issued by a registrar (
REG, for registrar) - The authorization is for a transfer operation (
TRANSFER) - and finally a unique key
Since an authorization could also be issue by the registrant, that example would resemble the following: OWN-TRANSFER-098f6bcd4621d373cade4e832627b4f6
- The authorization is generated/issued by a registrant (
OWN, for registrant/owner) - The authorization is for a transfer operation (
TRANSFER) - and finally a unique key
- Log in to the self-service portal ποΈβπ¨οΈ
- Find the domain name in the list of domain names you want to work on ποΈβπ¨οΈ
- Click on the domain name to go to the detailed overview
- On the detail page, locate the section "Manage domain name" on the right side of the page ποΈβπ¨οΈ
- Click "Change change name servers - external" or "Change change name servers - internal" to go to start the wizard to change the name servers
- First step displays the existing name servers, enter the primary name server you want to change to and click "CONTINUE" ποΈβπ¨οΈ
- Second step displays the existing name servers and the newly located name servers, if the proposed change is acceptable click "CONTINUE" ποΈβπ¨οΈ
- Third step displays the confirmation of the operation and the new name servers ποΈβπ¨οΈ
For a name server change to be successful, the following pre-conditions has to be met:
- The name server must be registered with Punktum dk in advance, by a registrar or name server administrator
- The name server has to be active, it must not have pending operations or be marked for deletion
- The name server has to respond for the domain name, see also: "Required Responsiveness" in the Punktum dk Name Service specification
- At least two name servers should respond, see also: "Required Amount of Name Servers" in the Punktum dk Name Service specification
List of references used in this document in alphabetical order.
- Punktum dk: Self-service Portal Service Specification Screenshots
- Punktum dk: Name Service Specification
A list of resources for the Punktum dk Self-service Portal support is located below.
Punktum dk operates a mailing list for technical discussion and inquiries about the Punktum dk offerings. To subscribe to this list, write to the address below and follow the instructions. Please note that the list is for technical discussion only, any issues beyond the technical scope will not be responded to, please send these to the contact issue reporting address below and they will be passed on to the appropriate entities within Punktum dk.
For issue reporting related to this specification, the RP implementation or test, sandbox or production environments, please contact us. You are of course welcome to post these to the mailing list mentioned above, otherwise use the regular support channels.
| Command | Registrant | Registrar | Domain name proxy | Domain name billing | Name server admin |
|---|---|---|---|---|---|
| Authenticate | β | β | β | β | β |
| Add billing contact | β | β *1 | β | ||
| Remove billing contact | β | β | β | β *2 | |
| Add proxy contact | β | β | |||
| Remove proxy contact | β | β *3 | |||
| Change registrant | β | β | |||
| Approve name server | β | β | β | ||
| Add DSRECORDS | β | β | β | ||
| Remove DSRECORDS | β | β | β | ||
| Renew domain | β | ||||
| Cancel/Delete domain | β | ||||
| Restore domain *4 | β | :white_check_mar: | |||
| Show domain | β | β | β | β | β |
| Administer Name Server | β | ||||
| Update user | β | β | β | β | β |
| Show user *5 | β | β | β | β | β |
| Show name server *6 | β | β | β | β | |
| Create name server | β | β | |||
| Delete name server | β *7 | β | |||
| Transfer Domain Name | β *8 | ||||
| Generate authorization for transfer | β | ||||
| Change period for domain name | β | β | β | ||
| Change Name Servers | β | ||||
| Generate authorization for change of name servers | β | β |
- *1 a registrar has a special privilege to about the registrar as billing contact
- *2 the billing contact can remove oneself, not appoint another explicitly, the registrant is appointed the role of billing contact
- *3 the proxy contact can remove oneself, not appoint another explicitly, the registrant is appointed the role of proxy contact
- *4 this can be done anonymously, requires additional action from the registrant
- *5 users can see details on them selves and on other users they are related to
- *6 name servers details can only be seen by the name server administrator other users will see limited information
- *7 name servers can be deleted via a domain deletion, if subordinate
- *8 registrants can change back to registrant management from registrar management
| Command | Registrant | Registrar | Name server admin |
|---|---|---|---|
| Authenticate | β | β *1 | β *2 |
| Add billing contact | β | ||
| Remove billing contact | β | ||
| Add proxy contact | β | ||
| Remove proxy contact | β | ||
| Change registrant | β | ||
| Approve name server | |||
| Add DSRECORDS | β | β | |
| Remove DSRECORDS | β | β | |
| Renew domain | β | ||
| Cancel/Delete domain | β | ||
| Restore domain | β | ||
| Show domain | β | β | β |
| Administer name server | β | ||
| Update user | β | β | β |
| Show user | β | β | β |
| Show name server | β | β | β |
| Create name server | β | ||
| Delete name server | β | β | |
| Transfer Domain Name | β | ||
| Generate authorization for transfer | β | β | |
| Set period for domain name | β | ||
| Change Name Servers | β | ||
| Generate authorization for change of name servers | β |
- *1 as registrar, WHOIS handles linked to a registrar account cannot authenticate towards SB, please the registrar portal or EPP service
- *2 as name server administrator, WHOIS handles linked to a registrar account cannot authenticate towards SB, please the registrar portal or EPP service